AWS codeguru documentation change
Summary
Added deprecation notice for repository associations after 2025-11-07 and removed multiple IAM policy examples related to tag-based access control
Security assessment
The change announces service deprecation aspects but does not address specific security vulnerabilities. Removal of IAM policy examples reduces documentation about access control patterns but doesn't indicate a resolved security flaw.
Diff
diff --git a/codeguru/latest/reviewer-ug/auth-and-access-control-using-tags.md b/codeguru/latest/reviewer-ug/auth-and-access-control-using-tags.md index db3612674..35ecbb16e 100644 --- a//codeguru/latest/reviewer-ug/auth-and-access-control-using-tags.md +++ b//codeguru/latest/reviewer-ug/auth-and-access-control-using-tags.md @@ -4,0 +5,2 @@ +Starting November 7, 2025, you will not be able to create new repository associations in Amazon CodeGuru Reviewer. If you would like to use the service, create repository associations prior to November 7, 2025. To learn about services with capabilities similar to CodeGuru Reviewer, see [Amazon CodeGuru Reviewer availability change](https://docs.aws.amazon.com/codeguru/latest/reviewer-ug/codeguru-reviewer-availability-change.html). + @@ -35,32 +36,0 @@ The following policy denies users permission to the `DisassociateRepositoryAssoc - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Deny", - "Action": [ - "codeguru-reviewer:DescribeRepositoryAssociation" - ], - "Resource": "*", - "Condition": { - "ForAnyValue:StringEquals": { - "aws:RequestTag/ViewAssocatedRepositoryDetails": "DenyViewRepository" - } - } - }, - { - "Effect": "Deny", - "Action": [ - "codeguru-reviewer:DisassociateRepository" - ], - "Resource": "*", - "Condition": { - "ForAnyValue:StringEquals": { - "aws:TagKeys": ["DenyDisassociate"] - } - } - } - ] - } - - @@ -71,17 +40,0 @@ You can create a policy that allows or denies actions on CodeGuru Reviewer code - - { - "Version": "2012-10-17", - "Statement" : [ - { - "Effect" : "Deny", - "Action" : [ - "codeguru-reviewer:ListRecommendations" - ] - "Resource" : "arn:aws:codeguru-reviewer:us-west-2123456789012:association:*", - "Condition" : { - "StringEquals" : "aws:ResourceTag/Recommendations": "Secret" - } - } - ] - } - @@ -92,22 +44,0 @@ You can create policies that selectively allow CodeGuru Reviewer actions on all - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "codeguru-reviewer:AssociateRepository", - "codeguru-reviewer:DescribeRepositoryAssociation", - "codeguru-reviewer:DisassociateRepositoryAssociation" - ], - "Resource": "*", - "Condition": { - "StringNotEquals": { - "aws:ResourceTag/Status": "AssociatedRepositoryAllow", - "aws:ResourceTag/Team": "Saanvi" - } - } - } - ] - } -